1
00:00:01,620 --> 00:00:02,260
OK, great.

2
00:00:02,280 --> 00:00:08,490
So in the previous lecture, the fragmentation attack was attempted and not successful.

3
00:00:09,450 --> 00:00:16,140
So before you give up, you've got to try another method to crack the WEP key for clientless networks.

4
00:00:16,140 --> 00:00:24,060
And this time we will use aireplay attack four, which is otherwise known as the chopchop attack.

5
00:00:25,150 --> 00:00:31,130
So the chopchop attack, when successful, can decrypt a WEP data packet without knowing the WEP key.

6
00:00:32,320 --> 00:00:35,460
Now, there is a tiny difference from the fragmentation attack.

7
00:00:35,980 --> 00:00:37,770
We only need to change the attack

8
00:00:37,780 --> 00:00:39,640
number. It'll be four.

9
00:00:40,930 --> 00:00:43,870
So let's check the data field in the airodump session.

10
00:00:44,900 --> 00:00:52,730
OK, so we do have one packet now and there is an associated client with fake authentication. Sometimes

11
00:00:52,730 --> 00:00:55,520
you have to wait for a long time, or so it would seem.

12
00:01:01,900 --> 00:01:07,990
Now, as for the fragmentation attack, the chopchop attack saves the keystream into an XOR

13
00:01:07,990 --> 00:01:13,470
file that can later be used to generate a packet with packetforge-ng.

14
00:01:16,070 --> 00:01:20,210
OK, so the capture file and keystream file are now saved.

15
00:01:21,680 --> 00:01:28,700
So at this point, we need packetforge-ng, and that is used to create the encrypted packets that

16
00:01:28,700 --> 00:01:30,860
can later be used for injection.

17
00:01:32,710 --> 00:01:39,610
So we use packetforge-ng to generate an ARP request packet that we'll later use to attack the wireless

18
00:01:39,610 --> 00:01:40,240
networks.

19
00:01:42,900 --> 00:01:51,510
So the syntax that we're going to use here is packetforge-ng, zero, MAC address of access point.

20
00:01:53,880 --> 00:01:55,860
And let's copy it from here.

21
00:02:00,100 --> 00:02:01,390
MAC address of the client.

22
00:02:03,060 --> 00:02:04,250
Copying that from here.

23
00:02:07,580 --> 00:02:10,430
Destination IP and source IP.

24
00:02:15,940 --> 00:02:18,370
Wire file and output file name.

25
00:02:22,810 --> 00:02:25,780
And now the forged packet is saved.

26
00:02:26,880 --> 00:02:33,630
So now I can start an ARP replay attack by using this packet to increase data frames.

27
00:02:40,580 --> 00:02:45,900
Well, OK, there might always be something it might always now be, but I didn't.

28
00:02:46,340 --> 00:02:53,450
In case you didn't catch it, I did not add the BSSID, so make sure you do. It has to be used with

29
00:02:53,450 --> 00:02:55,190
the B parameter, of course.

30
00:02:59,330 --> 00:03:02,450
OK, so as you see here, the data packets are increasing.

31
00:03:03,770 --> 00:03:08,420
And after waiting for a while, we can run aircrack-ng.

32
00:03:10,580 --> 00:03:15,950
And for that, we've got to give the airodump-ng output to aircrack-ng.

33
00:03:19,820 --> 00:03:21,500
And might be a little while again.

34
00:03:26,300 --> 00:03:31,620
So sometimes it may be necessary to terminate and then restart aircrack-ng.

35
00:03:32,210 --> 00:03:36,350
Sometimes it breaks a key, but it might not show on the screen.

36
00:03:39,920 --> 00:03:42,920
And yeah, OK, so the key was finally found.

37
00:03:45,260 --> 00:03:46,000
Very cool.